|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: FreeBSD Security Advisory FreeBSD-SA-05:01.telnet
From: Simon L. Nielsen (simon
FreeBSD.org)
Date: Mon Mar 28 2005 - 15:40:12 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 2005.03.28 13:24:08 -0800, Will Yardley wrote:
> On Mon, Mar 28, 2005 at 07:52:14PM +0000, FreeBSD Security Advisories wrote:
>
> [ Not sure else where to follow up to - I don't want to bug the security
> team directly about this, so just writing the list for now ]
In general it's fine to bug the security team directly of stuff like
this, but we also do read freebsd-security :-).
> > b) Execute the following commands as root:
> >
> > # cd /usr/src
> > # patch < /path/to/patch
>
> On my home machine (5.3-RELEASE) this failed - I had to go to
> /usr/src/contrib/telnet/telnet for the patch to apply.
Indeed, looks like the FreeBSD 5 patch is an "old" version since that
should have been fixed. I just CC'ed nectar so this can be fixed
ASAP.
> > c) Rebuild the operating system as described in
> > <URL:http://www.freebsd.org/doc/handbook/makeworld.html>.
>
> Just curious... why is it necessary to rebuild the whole operating
> system? Normally, the security advisories just have you rebuild the
> program in question - wouldn't that have sufficed here?
Due to multiple telnet versions (especially in FreeBSD 4) it was
judged that including more specific build instructions for all the
possible combinations of telnet and build options gave to high a risk
for errors possibly resulting in users not actually getting telnet
rebuild correctly.
--
Simon L. Nielsen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
iD8DBQFCSHm7h9pcDSc1mlERAjJgAJsHrM3QMs1DLJ0HE32DEM9RBqX0/QCfc6ns
xMi2Hyv9ygzFzSZCSzdseZU=
=9ykX
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]